svchost.exe what anti-virus using

  • Thread starter Thread starter J Johnson
  • Start date Start date
J

J Johnson

Im having this svchost.exe problem, mcafee anti-virus not
detecting any msblast or w32lovsan worm. How can I remove
the worm when I can not find it?
 
J said:
Im having this svchost.exe problem, mcafee anti-virus not
detecting any msblast or w32lovsan worm. How can I remove
the worm when I can not find it?
Click to expand...

try the follow commands on your PC from a CMD prompt

netstat -an | findstr 135

If you see alot of connections going to internet IP addresses
then it's a
good chance you have the worm. Just a little tip.

http://www.microsoft.com/security/incident/blast.asp


http://www.europe.f-secure.com/v-descs/msblast.shtml

although the removal tool link is incorrect ... it should be

ftp://ftp.f-secure.com/anti-virus/tools/F-Lovsan.zip
 
-----Original Message-----
Im having this svchost.exe problem, mcafee anti-virus not
detecting any msblast or w32lovsan worm. How can I remove
the worm when I can not find it?
Click to expand...

Me too, I reformatted my disk & now seem to be in catch
22 - can't use the patch without service pack, can't
download service pack because of the svchost error.

All virus/worm checks say I haven't got it. I've installed
Zone Alarm as recommended by MS & things have improved. I
was unable to post a message before, but the problem is
not cured.

Has anyone contacted Microsoft about this, or is that a
silly question?

Mattie
 
Has anyone contacted Microsoft about this, or is that a
silly question?
Click to expand...

The silliness doesn't really apply at the "question" level, so much as the
"asker" level. Yes, Microsoft knows about this. Everyone knows about this.
You have the Blaster worm. If you don't have updated definitions of your AV
software, it may tell you that you don't have any infections when in fact
you do. You need to keep that firewall going at ALL times, especially if
you're on cable/T1/other permanent connection. You need to update your AV
software. You need to remove msblast.exe from your computer. You need to get
ALL Windows Service Packs (order them on CD if you can't download them, ask
a friend to download them for you, whatever it takes). Then, if you're still
having problems, come back and ask a "silly" question. But read the other
posts first, your questions will probably be answered more than once.


KB
 
You have the Blaster worm. Then, if you're still
having problems, come back and ask a "silly" question. But read the other
posts first, your questions will probably be answered
Click to expand...
more than once.

I have read the posts, I have used my updated virus
checker, I have used the Symantec Blaster worm finder, I
have searched my registry in all the Windows folders, not
just Current Version. If it is the worm, it's doing a very
good job of hiding itself.

The only thing that seems to have helped is the firewall.
Not sure how to get the service pack on a CD, but will try.

Thanks for responding.

Mattie
 
Here's mine:

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
UDP 0.0.0.0:135 *:*

I'm going to assume this is OK. If I change the port to 80

netstat -an | findstr 80

will that tell me all client's IP addresses that are accessing my IIS
Server? Thanks.
 
Back
Top